---
page_title: "cloudflare_access_ca_certificate Resource - Cloudflare"
subcategory: ""
description: |-
  Cloudflare Access can replace traditional SSH key models with
  short-lived certificates issued to your users based on the token
  generated by their Access login.
---

# cloudflare_access_ca_certificate (Resource)

Cloudflare Access can replace traditional SSH key models with
short-lived certificates issued to your users based on the token
generated by their Access login.

~> It's required that an `account_id` or `zone_id` is provided and in
   most cases using either is fine. However, if you're using a scoped
   access token, you must provide the argument that matches the token's
   scope. For example, an access token that is scoped to the "example.com"
   zone needs to use the `zone_id` argument.

## Example Usage

```terraform
# account level
resource "cloudflare_access_ca_certificate" "example" {
  account_id     = "f037e56e89293a057740de681ac9abbe"
  application_id = "6cd6cea3-3ef2-4542-9aea-85a0bbcd5414"
}

# zone level
resource "cloudflare_access_ca_certificate" "another_example" {
  zone_id        = "0da42c8d2132a9ddaf714f9e7c920711"
  application_id = "fe2be0ff-7f13-4350-8c8e-a9b9795fe3c2"
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `application_id` (String) The Access Application ID to associate with the CA certificate.

### Optional

- `account_id` (String) The account identifier to target for the resource. Conflicts with `zone_id`.
- `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`.

### Read-Only

- `aud` (String) Application Audience (AUD) Tag of the CA certificate.
- `id` (String) The ID of this resource.
- `public_key` (String) Cryptographic public key of the generated CA certificate.

## Import

Import is supported using the following syntax:

```shell
# Account level CA certificate import.
$ terraform import cloudflare_access_ca_certificate.example account/<account_id>/<application_id>

# Zone level CA certificate import.
$ terraform import cloudflare_access_ca_certificate.example account/<zone_id>/<application_id>
```
